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network the most coram api*oach is management 
of thseqmpottittftomam^n^^ 
(for example die Solstice Enterprise Manager by 
SunSoft, the NetView 6000 by IBM and die BP 
Open View by Hewlett Packard) with manyappBca- 
dons which each manage the defined objects sped- 
fied in the RFC MIBs or in the system's private 
MDBs. In dm situation, management is a difficult 
process largely based on centralized capacity. One 
way to simplify die process is to use a Web browser 
as the GO for the management system. 

In nuny cases an a dmini s tr a to r, who is response 
He for a specific subnet or virtual network, rewrites 
specific access to management objects relating to 
these networks. la this station the pro blem co old 
be resolved by offering the users/administrator se- 
emed access to a range of objects specified by that 
user; via a Web browser: Ibis concept of manage- 
meat services cocld also be used for a wide range of 
. control functions of specific domains within the net- 
work. In this esse one management centre could 
offer many services to die distributed domain man- 
agers. 

If we look at the problem from dds perspective 
we see that management services, with the possibil- 
ity of definag objects by the users, considerably 
extend the functionality of management services by 
arfng a Web browser to access commac MBy av ail- 
able modules oa a central management system. A 
pilot system, b«ed on dds concept, was designed 
and hwplniirntrd fry the Phamfi Supercompnting and 
Networking Center to offer m a na gemen t services to 
the Pcznaii Metropolitan Area Network and die Pol- 
ish national academic network POL-34. 



Recently we have seen the complete integration erf 
management systems using a Web interface as a GUI 
for access to die system. Management systems using 
die We* aie very convenient, because die a ^D^M» 
tor can use the management software from anywhere 
he wants. He can even use a modem and a cfial-up 
connection to manage Ids devices as the required 
software is automatically downloaded from the server 
by die Web browser. 



An c s am p l e of such a system is die Dr-Web 
aeries from SNMP Research International (Dr-Web 
Manager mi Dr-Web AgcntX These applications 
provide an interface between the SNMP agent and 
flic Web browser and aDow access to selected SNMP 
variables by specific URLs. 

Other types of the Web management software 
include applications, which have a similar function 
to regular management software, but with a graphical 
Web interface. Thus, they have a great advantage 
over traditional systems as they allow die network to 
be naoaged from a nywh er e the administrator can 
connect to die TCP/IP network. These systems can 
perform m automatic cfiscovety of the network, birild 
a logical network map, visuafize the statu of the 
network and present the collected performan ce data 
in graphical form. However, as such management 
^plications are a remote interface to die manage- 
ment system itself, die software mast have some 
security features, Hke encrypted uai si M mir a iWi be- 
tween server and cBent and user identifirations. Tins 
is very important because access to the management 
system from any host on the network may bdp 
somebody to intercept date of aucial importance far 
the fife of die network. Examples of suck systems 
are hmaSpection from Asant6 Technologies or 
NetView 5 from IBM. 

The advantage of the software described above is 
die gngfcical visualization of die managed devices 
and the connections between diem. Additionally, 
Web interface applications are accessible from any 
host on the connected TCP/IP network, and tide is 
very convenient for die administrators. 

Unfortunately, die systems available on the mar- 
ket can only visualize SNMP variables gathered 
from virions SNMP agents in a very simple way, 
showing die SNMP variables as text or number. The 
systems do not altow users to create their own 
management panda. 

The system developed by the PSNC (WcMian) 
resolves die problems described above and is pre- 
sented in the next section. 

3. The WefaMan system architecture 

The WebMan system allows the management of 
devices and their access to SNMP agent variables 
and then follows die access of specific parameters 
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4 was chosen It offers great management abilities 
and a convex API which supports SNMP servioes. 
It easily allows the implementation of functions thai 
gather data from SNMP agents and sets their vari- 
ables with new values. There are also NetView 
database and NetView maps used with this APL 
However, it should be noted that WebMan could 
easily be implemented on other systems that have a 
surohr fwctionafity to NetView. 

The WebMan server is located on a machine 
running the management system. There are some 
advantages to this solution such as: 
• There is a manag e m ent system database and maps 
used fbr stoning WtfcMan objects, parameters and 

t system API, which 
the ase of the SNMP protocol and 
allows access to management system databases 
and maps. 

All management devices send traps to the man- 
agement system, so WebMan can catch all of 

the fftr IfftpSi 

Many devices can be accessed only from manago- 
: stations, so WebMan can access all avsS- 




ablc devices. There is full access to all 
devices. 

This system also has some security features such 
as user aatheabcatk» and ttansnrission encoding 
These featmes are nerimmed by the tet stream 
algorithm CR04X which uses symmetric keys. 

Many men can be defined in the system. The 
system administrator can set different levels of au- 
thorization aBowrot cBeots to access only some of 
the devices. The seenriry includes limiting access to 
the devices based on IP addresses and permitting 
read-write or read-only operations. 

Because the centre point of this system is the 
server naming on the m an ag ement station, aV con- 
figuration data is stored in a NetView database. This 
nfonnation includes all users' rights and manage- 
ment panels. For storing this data there are specially 
defined database fields, which are also attributes of 
NetView objects. Themmre, all user attributes am 
stored in the objects representing each user's home 
map on a NetView sobmap. All other objects gener- 
ated by WebMan are represented by symbols on the 
hierarchical NetView sobmaps below the user 
sobmap. Bach object on the management panel bm 
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there are modules tot im p l e m e n t remote access to 
the NetView functions from the WebMan objects. 
The client can also visualize SNMP variables and 
has an editor for creating management panels. Both 
these fbnetions require access to to WebMan ob- 
jects defined m to NetView database. This k en- 
abled with WebMan functions, which remotely exe- 
cute NetView calls. 

The project of this system is expected to ran hs 
server on the same station as the whole m a n a g e me nt 
system. This solution may decrease the system per- 
formance depending on to number of managed ob- 
jects, available operational memory, to storage de- 
vice capacity and to CPU (Central Processing Unit) 
speed. This is a reason to consider another imple- 
mentation of to WebMan server. 

It is planned that there will be another dedicated 
station to the WebMan server, only. The second 
station most run to whole NetView system, bat it 
does nothing bat service the WebMan server. The 
only additional requirement will be to receiving of 



an traps from to main management station and 
access to all managed devices. 

This solution Bghtens the load of the main man- 
agement station, because although the server itself 
does not load to CPU and to memory very much, 
the most critical operations are those tot perform 
database accesses and these reqmre a lot of memory. 
Therefore entering many objects (rang the WebMan 
system) to to NetView database may be very criti- 
cal lot the performance of to management station. 
In this situation to dedicated WebMan station will 
be a good solution. 

When there are many periomcaBy gathered dam 
from SNMP agents, there may be increased network 
traffic between to server and cheat. Of coarse, this 
depends on the amount of garnered data and on to 
frequency of gathering Note that to main manage- 
ment station generates some traffic that also depends 
on to amount of data. So, if to WebMan server is 
on to same station as the NetView system, then the 
network traffic can also be increased. 




Fig. 4. Mm management pad fx 0* UPS. 
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two objects allow fte administrator to recognize 
easily the UPS's wodring statns. 

On die right of tbese two objects there are two 
snbpanel objects that open two windows: Battery 
Status (Hg. 5) and the hpot Line Stains (Kg. 6). 

In the Battery Statns window there are two text 
gelds presenting the elapsed time when in Oa-Bai- 
tay statns and the estimated remaning time until the 
foil battery nms cot, winch is calculated based on the 



prior UPS erfbeatioo. Below the text fields tiwe are 
two tat presenting the battay capacity (green) and 
the UPS load (red). If the battay capacity fells 
below 30% an alarm is sounded. 

The Input Line Statns panel presents the UPS 
input voltage on the chart Below it is die switch 
presenting, in a text fonn, the last cause of tai lorc 

At the bottom of the main management panel 
there are foor sobpands that open the Environment 
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: to cater OIDs (Object IDs). However the most 
im port an t development work is to create more Web- 
Man objects dm can visualize SNMP objects m 
different ways. 



This paper describes a new approach for manage- 
meni services based on the use oi h Web browser to 
access MIB objects. It compared the features of 
Web-based access with standard access from man* 
agement platforms or applkatkns. 

The implementation of die WcbMan management 
system is presented. A characteristic feature of this 
system is die possibility for the user to specify their 
own management panel for the visualization of pa- 
rameters related to managed devices. Communica- 
tkm between users and the server are implemented in 
a secured way by the use of encryption and user 
auth e nti cation. 

As an example, the use of the WcbMan system to 
manage a UPS system was presented* This example 
described how an the parameters accessible by ob- 
jects in the MIB could be visualized for the user. 

Fbture wodc it is expected to make an implemen- 
tation of die system which cooperates between die 
Web server and Web browsers produced by various 
suppliers. Other planned modifications include: 

• Implementation of algorithm secured transmission 
encoded with a public key. 

• Extension of die number of graphic objects in die 
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